From: Daniel Kahn Gillmor
To: Adam Majer, David Bremner, Carl Worth, notmuch@notmuchmail.org
Subject: Re: [PATCH] build: sign tarball instead of sha256sum
In-Reply-To: <3bbd5c2e-54b7-dbbd-6065-68ce2c2005fd@suse.de>
References: <87mun16gmm.fsf@wondoo.home.cworth.org> <20190213021703.18412-1-david@tethera.net> <87lg1kcqg8.fsf@tethera.net> <87ftrpgjdb.fsf@fifthhorseman.net> <3bbd5c2e-54b7-dbbd-6065-68ce2c2005fd@suse.de>
Date: Fri, 15 Mar 2019 04:58:32 -0400
Message-ID: <87tvg4wm2v.fsf@fifthhorseman.net>
List-Id: "Use and development of the notmuch mail system."

On Fri 2019-03-15 02:53:28 +0100, Adam Majer wrote:
> adding explicit checks would add an extra BuildRequires in the build
> process to pull in gpg, which is excessive.

It shouldn't require gpg; it should only pull in gpgv, which is already on the base system, no?

And once the "small file" is checked, it would then require sha256sum (or the equivalent) to verify the tarball itself; on any modern system, that's likely to be available anyway (e.g. coreutils' sha256sum or "openssl dgst" or whatever).

> Instead of reverting, how about distributing the .asc file and an
> inline signed checksum file?

The checksum file (*.sha256.asc) that is distributed by notmuch is already inline-signed (please read my proposed verification step upthread), so that part's done. (notmuch does *also* ship an unsigned *.sha256 file, which I agree doesn't serve much purpose and could be dropped.)

But you're right that we could distribute a detached signature over the tarball in addition to the stronger mechanism. That way people who have other defenses against rollback or version fixation attacks (or who are willing to take the risk) can check the simpler, weaker mechanism.

David, how would you feel about generating two forms of cryptographic signature per-tarball as an interim process?

--dkg
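The two-step check the mail describes (gpgv over the inline-signed checksum file, then sha256sum over the tarball), written out as an added example that is neither notmuch's release tooling nor dkg's proposed script. It assumes the signed file sits beside the tarball as <tarball>.sha256.asc and that the signed line uses sha256sum's "hash  name" layout.

```shell
#!/bin/sh
# Added example, not notmuch's own tooling. Step 1 verifies the inline-signed
# *.sha256.asc with gpgv against a keyring you already trust; step 2 checks
# the tarball's digest with sha256sum, or "openssl dgst" where coreutils is
# absent. Assumed layout: the signed file is <tarball>.sha256.asc.

# Digest a file with whatever the base system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 -r "$1" | cut -d' ' -f1
    fi
}

# Step 1: gpgv trusts only the keyring named here, so a valid signature
# from any other key fails closed; --output writes the signed payload
# (the checksum line) only after the signature has verified.
extract_signed_checksums() {   # keyring sigfile outfile
    gpgv --keyring "$1" --output "$3" "$2" 2>/dev/null
}

# Step 2: the signed payload names a file; insist that it names the
# tarball we asked for (a signed line for some other release would verify
# just as well), then compare digests. Accepts "hash  name" and
# "hash *name" as sha256sum writes them.
check_tarball_digest() {   # checksumfile tarball
    want=$(awk -v f="$(basename "$2")" \
        '{ sub(/^\*/, "", $2) } $2 == f { print $1 }' "$1")
    if [ -z "$want" ]; then
        echo "no checksum for $(basename "$2") in $1" >&2
        return 1
    fi
    [ "$want" = "$(sha256_of "$2")" ]
}

verify_tarball() {   # keyring tarball
    tmp=$(mktemp) || return 1
    if extract_signed_checksums "$1" "$2.sha256.asc" "$tmp" &&
       check_tarball_digest "$tmp" "$2"; then
        rm -f "$tmp"; echo "OK: $2"; return 0
    fi
    rm -f "$tmp"; echo "FAILED: $2" >&2; return 1
}

# Usage: sh verify.sh trusted-keyring.gpg notmuch-VERSION.tar.gz
if [ "$#" -eq 2 ]; then
    verify_tarball "$1" "$2"
fi
```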